Aarogya Setu App Caught Secretly Recording Videos! Here’s What A User Found, And It’s Really Disturbing
A user has alleged that Aarogya Setu app is secretly recording video continuously. The app has been exposed to criticism since it came into effect, and the Government has tried to make it mandatory everywhere possible, from airports to stations to malls and what not.
The recent discovery does put out a lot of questions, but is Aarogya Setu actually recording videos?
According to the user’s post on Reddit, the Aarogya Setu app on his mom’s phone was recording video continuously for 7.5 hours.
It’s not the first time Aarogya Setu’s authenticity has been questioned. French hacker Elliot Alderson in May claimed that the Aarogya Setu app allows users to find out who is sick in a particular area directly questioning the inadequacy of privacy in the app.
Aarogya Setu App Secretly Recording Videos? Here’s What Happened
The user has a post up on Reddit explaining the whole incident. Here’s what he has posted:
‘ My mom’s phone was being sluggish, laggy. Clearly, something had high CPU usage and was draining the battery. Therefore I decided to use Battery Historian.
Found that the CPU was used continuously, full tilt for 7.5 hours.
VideoOn i.e video recording was also taking place for the exact same time, down to the millisecond.
WiFi was also actively used for almost the exact same time (with a 1 minute difference because I turned on airplane mode to try and disrupt whatever was slowing down the phone).
And then I go down and look at the list of foreground services, and there’s Aarogya Setu, with the exact same running duration, down to the millisecond.?
Aarogya Setu had camera permissions enabled somehow, and it was continuously recording video, using the CPU with max. usage, and transmitting something over the WiFi for 7.5 hours.
Take a look at the Android manifest here: GITHUB Source Code.
It doesn’t list any camera permissions. But if you download the official app and decompile it, the manifest includes camera and wakelock permissions. And they were used today, to potentially spy on my family.
And yes, it is the official app, and not a third party app. It’s the official app downloaded from the store.
Screenshots of Battery Historian:
Screenshot 2. ‘
Aarogya Setu App Allegations: Not The First Time
In May French hacker Elliot Alderson (Mr Robot character) alleged that there are certain privacy issues in Aarogya Setu, country’s official Covid-19 tracker app. He claimed that the Aarogya Setu app allows users to find out who is sick in a particular area directly questioning the inadequacy of privacy in the app.
Alderson found that the WebViewActivity allowed users to access internal files of the app with a few commands as there was no host validation. Later it was fixed.
The French hacker found another issue where it is possible to modify the user’s location to find out who is sick in a particular area. Aarogya Setu app allows users to change the radius of the area between 500m, 1km, 2km, 5km or 10km.
Recently Alderson tweeted tagging the Prime Minister’s Office informing them about a security issue found in PM Narendra Modi’s website. He asked someone to contact him for the issue to be fixed. He again tweeted confirming someone contacted him and the issues have been disclosed.
Do note, nothing has been officially confirmed from Aarogya Setu’s side or neither by any independent agency. It’s an allegation with the supported facts, and we are not liable for any misinterpreted figures produced by the user.